为什么rest_framework.authentication.BasicAuthentication在我的代码中不起作用?

时间:2016-07-04 19:16:12

标签: django django-rest-framework django-rest-auth

我的API:

from rest_framework.authentication import BasicAuthentication
"""A simple API for file upload."""
class FileUploadView(APIView):
    parser_classes = (MultiPartParser,)
    authentication_classes = (BasicAuthentication,)
    @method_decorator(csrf_exempt)
    def dispatch(self, request, *args, **kwargs):
        return super(FileUploadView, self).dispatch(request, *args, **kwargs)

    def put(self, request):
        print "request:", str(request.META)
        print "request:", str(request.user.username)
        try:
            data = {'files': 'testing'}
            response = Response(data)
        except Exception as e:
            print "Exception when put file:", e
            data = { 'error' : str(e) }
            response = Response(data)

        return response

以上是我的API views.py。我用邮递员去做PUT。我没有在标题授权中添加任何内容(请求标头中没有HTTP_AUTHORIZATION),我可以将 {'文件':' testing'} 作为我的回复

为什么呢?有什么遗失?感谢

1 个答案:

答案 0 :(得分:0)

您添加了身份验证类,但未限制对视图的访问。默认情况下,DRF具有不受限制的访问权限。请参阅文档部分:

如果未指定,此设置默认允许不受限制的访问:

'DEFAULT_PERMISSION_CLASSES': (
   'rest_framework.permissions.AllowAny',
)

Setting the permission policy